The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: thomasantony on April 03, 2005, 02:46:09 PM

Title: Problem with binary progging
Post by: thomasantony on April 03, 2005, 02:46:09 PM
Hi,
  I am working on making a small program using a hex editor only, to learn more about the PE format. So I made an ExitProcess proggy and a messagebox proggy that worked well. Now I am working on a window. AFAIK it is working OK, but it keeps crashing. With OllyDbg I found it was crashing on CreateWindowEx.

Thomas Antony

[attachment deleted by admin]
Title: Re: Problem with binary progging
Post by: pbrennick on April 03, 2005, 02:50:06 PM
Gee, I am sorry to hear that, hope you can work it out.  Are you asking a question or just chewing the fat?  Show us what is stumping you and we might be able to help.

Paul
Title: Re: Problem with binary progging
Post by: sluggy on April 03, 2005, 10:51:26 PM
For a start, I would check 3 things:

- run your exe thru a disassembler, to make sure that what you think is there is actually there. You may have used an incorrect opcode, etc.

- are you using a window class name or an atom for lpClassName? Having either wrong will cause a crash.

- make sure your data is aligned, easy to get out of alignment when you are hand coding the hex.


You could also add a call to GetLastError or add some SEH, of course you will have to do that the hardcore way as well :)
Title: Re: Problem with binary progging
Post by: thomasantony on April 04, 2005, 05:27:58 AM
Uh, I was stupid to forget to post the attachment. Anyway I solved the problem. I was filling the wrong members of WNDCLASSEX and there were some problems with the jump table and API calls. I have also made my own 60h byte DOS stub. The file is attached.

Thomas

[attachment deleted by admin]
Title: Re: Problem with binary progging
Post by: hutch-- on April 04, 2005, 08:34:20 AM
Thomas,

I downloaded the file and tried it but it does not run on my win2k sp4. What is it supposed to do?
Title: Re: Problem with binary progging
Post by: hitchhikr on April 04, 2005, 11:49:45 AM
It just displays a window.

Replace the bytes at 0x2b6 (0xff 0x75 0x04) with 0x6a 0x0a 0x90 and the window will be displayed.
Title: Re: Problem with binary progging
Post by: pbrennick on April 04, 2005, 12:34:17 PM
It does not run on XP HE, either.  However, it does run on ME.

Paul
Title: Re: Problem with binary progging
Post by: hitchhikr on April 04, 2005, 01:06:08 PM
Once patched it runs under xp sp1.
Title: Re: Problem with binary progging
Post by: thomasantony on April 05, 2005, 06:08:32 AM
Hi,
  Thanks for testing. BTW I use Win98SE. So I made it such that it works on that. What did you patch, hitch? Isn't the PE format a standard?

Thomas
Title: Re: Problem with binary progging
Post by: hitchhikr on April 05, 2005, 06:27:56 AM
The nCmdShow value passed to ShowWindow was wrong and newer Windows are obviously not as forgiving as the older ones.
Title: Re: Problem with binary progging
Post by: thomasantony on April 05, 2005, 03:29:26 PM
Oops,
    I didn't pass the value to Wndproc and tried to use the parameter, but even that was wrong: I used [ebp+4] instead of [ebp+14]. The new one is in the first post.

Thomas
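
Added example (not part of the original thread and not any poster's code): a Python sketch that decodes the three bytes hitchhikr's patch replaces and the three it writes, then applies the patch only if the expected bytes are really at 0x2b6. The attachment is no longer available, so `SAMPLE` is a constructed zero-filled buffer; the names `decode` and `apply_patch` are hypothetical.

```python
# Added example: constructed data, not the original attachment.
PATCH_OFFSET = 0x2B6                    # file offset given in the thread
OLD_BYTES = bytes([0xFF, 0x75, 0x04])   # bytes the thread says to replace
NEW_BYTES = bytes([0x6A, 0x0A, 0x90])   # replacement bytes from the thread


def decode(code):
    """Decode only the three x86-32 encodings that appear in this patch."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if op == 0xFF and i + 2 < len(code) and code[i + 1] == 0x75:
            # FF /6 = PUSH r/m32; ModRM 0x75 selects [ebp + disp8]
            disp = int.from_bytes(code[i + 2:i + 3], "little", signed=True)
            out.append(f"push dword ptr [ebp{disp:+#x}]")
            i += 3
        elif op == 0x6A and i + 1 < len(code):
            # 6A ib = PUSH imm8; 0x0A is 10, the value of SW_SHOWDEFAULT
            imm = int.from_bytes(code[i + 1:i + 2], "little", signed=True)
            out.append(f"push {imm:#x}")
            i += 2
        elif op == 0x90:
            out.append("nop")           # pads the patch to the same 3 bytes
            i += 1
        else:
            raise ValueError(f"unsupported byte {op:#04x} at +{i}")
    return out


def apply_patch(image, offset, expected, replacement):
    """Return a patched copy, refusing to write over unexpected bytes."""
    if len(expected) != len(replacement):
        raise ValueError("patch must not change the file length")
    found = bytes(image[offset:offset + len(expected)])
    if found != expected:
        raise ValueError(f"bytes at {offset:#x} are {found.hex()}, not {expected.hex()}")
    patched = bytearray(image)
    patched[offset:offset + len(replacement)] = replacement
    return bytes(patched)


# Constructed stand-in for the deleted attachment: zero-filled, with only
# the instruction the thread mentions placed at the stated offset.
SAMPLE = bytearray(0x300)
SAMPLE[PATCH_OFFSET:PATCH_OFFSET + 3] = OLD_BYTES

if __name__ == "__main__":
    print("before:", decode(OLD_BYTES))
    fixed = apply_patch(SAMPLE, PATCH_OFFSET, OLD_BYTES, NEW_BYTES)
    print("after: ", decode(fixed[PATCH_OFFSET:PATCH_OFFSET + 3]))
```

The same-length check matters in a hand-built PE: a patch that grows or shrinks the code would shift every later file offset, including the jump table and section data.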